It’s been over twenty years since hackers stealing AOL customer accounts and passwords inspired the term ‘phishing’. Since then, fraudulent attempts at acquiring personal information have become as ubiquitous as trolling on social media, or emails infected with viruses and worms. Phishing is big business, and it’s growing all the time.
With 55 per cent of incoming emails categorised as spam, email remains the primary conduit for phishing attacks. Most of us will occasionally receive phishing messages in our inboxes, despite the best efforts of spam filters and antivirus software. Messages may purport to be from blue-chip companies like Argos or Apple, sent via Government departments or even distributed by someone we already know. They generally attempt to install malware through compromised attachments, or redirect us to bogus sites where every keystroke and character will be logged and used for fraudulent purposes.
As such, spotting a phishing email could avoid considerable stress and financial loss, quite apart from embarrassment and frustration. These are UK2.NET’s tips for successfully spotting a phishing email…
1. Consider the context.
If you’ve just bought a new car and you receive an email asking you to read the attached terms and conditions document, chances are it’s authentic. If your car is falling apart on the driveway, why would you have received such a message?
2. Study the sender’s address.
Emails display two things in the From field – the name an account has been given, and its actual email address. Spammers often use celebrity names for the former, but the latter is likely to be a string of alphanumeric gibberish, which can be revealed by hovering the mouse over the display name.
3. Pay attention to top-level domains.
This is key to spotting a phishing email. A sender’s name might show as ‘Morrisons’, but if the sender’s email ends in .ru or .cn, it’s not from that supermarket. Most spam originates in third-world or BRIC nations.
4. Study spelling and grammar.
Because they tend to originate in countries where English isn’t the native language, spam messages are often badly written. Would a genuine company really send a message which starts “greetings of the Day”?
5. Check whether you’re being addressed personally.
A message which starts “Dear valued customer” or “Dear,” is probably attempting to defraud you. Few spam databases will include forenames and surnames, or non-email user data.
6. Look out for strange attachments.
PayPal and Amazon are highly unlikely to send you emails with .PDF or .DOCX attachments. Don’t automatically open attachments unless (a) you were expecting them, or (b) you know the sender is legitimate.
7. Google part (or all) of the email’s subject or body text.
There are loads of websites and directories where known phishing scams are highlighted. Copy and paste text from a dubious message into Google, and see if it’s been logged as fraudulent.
8. Scan incoming messages with antivirus software.
Regularly updated anti-malware packages like Norton or Kaspersky excel at spotting a phishing email the instant it arrives in your inbox. The software quarantines suspect attachments and raises on-screen alerts.
9. Urgency is suspicious.
Spammers know their emails won’t hold up under scrutiny, so they inject a sense of urgency by asking for immediate action. This is common with financial scams, encouraging people ‘to resolve this situation immediately’.
10. The email looks strange.
This is a subjective matter and relies on intuition. Are there empty boxes where an image should be? Is the text overlapping itself? Is the company logo small and pixellated? If so, you’re probably looking at a spam message.
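The checks in tips 2, 3, 5 and 9 can also be run automatically over a message's headers and body. The Python below is an added example, not part of the original UK2.NET article; the brand-to-domain list, the phrase patterns and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed brand-to-domain list, constructed for this example.
KNOWN_BRANDS = {
    "morrisons": {"morrisons.com"},
    "paypal": {"paypal.com", "paypal.co.uk"},
    "amazon": {"amazon.com", "amazon.co.uk"},
}
# Tip 5: "Dear valued customer," or a bare "Dear," at the start of a line.
GENERIC_GREETING = re.compile(r"^\s*dear(\s+valued\s+customer)?\s*,", re.I | re.M)
# Tip 9: pressure phrases (assumed, deliberately short list).
URGENCY = re.compile(r"\b(immediately|urgent(ly)?|right away)\b", re.I)

def text_body(msg):
    """Return the first text/plain part of the message, or an empty string."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def phishing_indicators(raw_message):
    """List the warning signs from tips 2, 3, 5 and 9 found in one message."""
    msg = message_from_string(raw_message)
    # Tip 2: split the From field into display name and real address.
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    findings = []
    for brand, allowed in KNOWN_BRANDS.items():
        # Tip 3: the address must end in one of the brand's own domains.
        on_brand = any(domain == d or domain.endswith("." + d) for d in allowed)
        if brand in display.lower() and not on_brand:
            findings.append(f"sender mismatch: '{display}' sent from {domain}")
    body = text_body(msg)
    if GENERIC_GREETING.search(body):
        findings.append("generic greeting")
    if URGENCY.search(body):
        findings.append("urgent call to action")
    return findings

# Constructed sample messages (not real mail).
SUSPECT = ('From: "Morrisons Rewards" <x7k2q9@mail.offers.invalid>\n'
           "Subject: Account notice\n\n"
           "Dear valued customer,\nPlease resolve this situation immediately.\n")
LEGIT = ("From: Morrisons <news@email.morrisons.com>\nSubject: Your order\n\n"
         "Hello Sam, your delivery slot is confirmed for Friday.\n")

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("legit", LEGIT)):
        print(name, phishing_indicators(raw))
```

An empty result only means none of these four signs were present; the remaining tips, such as context and attachments, still need a human look.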